Just 10 years ago hackers didn’t waste their time and energy on small businesses, but today cybercrime is a multi-billion dollar business, and no one is immune. From Fortune 100 companies down to the smallest mom-and-pop shops, data security is a huge concern.
Email is an attractive entry point that hackers use to carry out their attacks. According to Stephen Gee, senior product manager for email security business at Barracuda Networks, "Companies like Target and Ubiquiti Networks experienced massive security breaches, and those branched out originally from email."
It makes sense; nearly every company uses email to communicate, and even email sent to defunct addresses is generally rerouted somewhere else within an organization. People often read and respond to email on a mobile device, where they're typically more worried about efficiency than security.
Security Threats Lurking in Your Inbox
"Email is the number one threat vector hackers use to gain access to an organization," says Patrick O'Neill, director of marketing at EdgeWave, a Cybersecurity company. Phishing—and its variant known as spear phishing—are emails that appear legitimate but contain corrupted links, attachments, or other nasty surprises. "Email security is one of the best investments an organization can make, no matter its size," O'Neill says.
Malicious email links can wreak tremendous havoc on a small business. If hackers gain access to an employee's login or to the network's security credentials, they can head for what Jane Wasson, senior product marketing manager at Dell SonicWall, calls "the crown jewels" of the business. They could "potentially steal customer information or other business-critical information," she says.
The financial risk is no joke; by some estimates a small business will spend an average of $38,000 to recover from a security breach. And that doesn't address the damage—often irreparable—a breach can do to a company's reputation.
How to Improve Email Security
In addition to a strong email security solution, small businesses need to make sure that their employees use best practices when it comes to handling email. Michél Bechard, director of service provider technologies at Comodo, an Internet security company, says that SMBs need to teach employees how to spot and handle malicious email.
"Train them, for example, not to click on questionable links," he explains. Ongoing training about acceptable use policies can also help keep employees vigilant about emerging email threats.
Email Security Software for Small Business
Barracuda's email security policies fall into the set-it-and-forget-it category, but it also provides finer control capabilities for those who want it. "You can set up functionality—such as per-user quarantine—to give employees the ability to manage their own spam email," Stephen Gee says.
Rather than require a designated individual to evaluate all suspect emails and decide whether or not to pass them along, employees can access that tool to police their own mailbox. You can also give employees additional controls, such as creating custom whitelists and blacklists, for example.
Other features include email encryption, pre-filtering, and data loss protection policies. "We provide a comprehensive email-content security solution, and we don't nickel-and-dime you," Gee says. Entry pricing starts as low as $8 per employee per year for the company's cloud-hosted email security solution. The company also offers on-premises and virtual environment options.
Comodo Antispam Gateway (ASG)
Comodo's Michél Bechard says businesses look to the cloud when it comes to email security, and the reasons are simple. "If you have an email appliance next to your firewall, you have a single point of failure," he explains. "If it goes down, you have no email until you get it fixed." ASG customers have the option to log into a Web portal and access their email if a mail server goes down.
The platform includes a management console that supports simple configuration for a variety of settings, such as whitelists, blacklists, user groups, and permissions. Another time-saving feature lets customers auto-forward messages from one email account—a general inbox, for example—to an active user account.
Additional security measures include allowing users to log in from only select countries to further reduce the risk of unauthorized access. Audit-log records track all configurations and management actions, so you can investigate any changes if necessary.
One domain with five people will cost a small business $7 per month, though discounts may be available if you sign up for quarterly or annual billing. Add another five people for $5 per month.
An administrator controls the ultimate threshold for email security in Dell's hosted platform, but he or she can give employees the ability to handle tasks such as reviewing email in their junk folder and designating certain senders as whitelist or blacklist members.
"Our solutions need to be easy to install, deploy, and operate," Wasson says. "Small businesses often work with an IT technology partner, but they still need a solution that provides the tools and information they need in a business-friendly way."
SonicWall employs its own extensive threat team to monitor new and evolving risks, and it also works with industry partners to cast the widest net possible. The company feeds the latest threat data into the SonicWall solution so that its customers can stay one step ahead of the scammers.
Retail pricing for SonicWall hosted email security starts at $2 per person per month, with a minimum of 10 users.
The EdgeWave ePrism platform is designed to make enterprise-level email security easy to deploy and simple to maintain. According to EdgeWave's Patrick O'Neill, many customers report that "they save up to 8 hours a week in ongoing maintenance over their prior email security solution."
EPrism's proactive monitoring puts the brakes on risks before they ever hit customers' inboxes, ensuring the platform remains efficient and secure. On top of email security, ePrism boasts features such as data loss protection, email encryption, service continuity, and an optional regulatory-compliant email archiving tool.
A configurable notification system keeps administrators abreast of potential threats and thresholds, and if a problem arises, EdgeWave offers 24/7/365 technical support. EdgeWave's ePrism cloud-based solution starts at around $1 per month per workstation.
Julie Knudson is a freelance writer whose articles have appeared in technology magazines including BizTech, Processor, and For The Record. She has covered technology issues for publications in other industries, from foodservice to insurance, and she also writes a recurring column in Integrated Systems Contractor magazine.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|